I have to scan a few servers using nmap and nessus to check for problems, but I've got a little ftp-proxy problem to solve.

The problem is as follows.
I run nmap to scan one of our IPs that I know is a dead IP, meaning there is no host for it, but it comes back as having found a host, and that port 21 was found.
This goes for all our external server IPs: every one reports port 21 as available when we know that it's not, and this goes for IPs with and without hosts.

The only thing I can think of is that the ftp proxy in my firewall is causing this to happen. I'm running pf on FreeBSD 7.1-STABLE.

The question is, how can I stop nmap and nessus from saying that port 21 is open when we know it's not? I know I can tell them not to scan port 21, but that is not the solution I'm looking for.

If your firewall is redirecting ftp traffic to ftp-proxy using a redirection rule, tell that rule not to redirect the IP you're scanning from (at least during the scanning process). Though: if port 21 is open on any of those hosts, you can't get to it and you will never notice it.

Note that using nmap/nessus through a firewall has limited reliability anyway, because nmap/nessus may report ports as closed on the hosts they're supposed to scan just because the intermediate firewall doesn't allow connections to these ports. In other words: you're none the wiser, because you have an 'impaired view of the world'.
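As an added illustration of the answer above (this is an example pf.conf fragment written for this page, not the poster's or the answerer's configuration), here is what the exclusion looks like in pf on FreeBSD 7.x. The interface names `em0`/`em1`, the LAN range, the scanner address `192.168.1.50` and the table name `noproxy` are all assumptions; ftp-proxy(8) listening on 127.0.0.1:8021 is its documented default.

```pf
# pf.conf fragment: keep the scanner's port-21 traffic out of ftp-proxy.
# Interface names, addresses and the table name are assumed for this example.
ext_if = "em0"
int_if = "em1"
lan    = "192.168.1.0/24"

# Hosts whose FTP connections must NOT be handed to ftp-proxy.
# Put the nmap/nessus box in here for the duration of the scan.
table <noproxy> { 192.168.1.50 }

# ftp-proxy(8) installs its own dynamic rules through these anchors.
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"

# Weak setting (the situation described in the question): every outbound
# port-21 connection from the LAN, to ANY destination, is redirected to
# ftp-proxy on localhost. The proxy completes the TCP handshake itself, so
# a scanner behind the firewall sees port 21 "open" on every address it
# probes, whether or not a host exists there.
#rdr pass on $int_if proto tcp from $lan to any port 21 -> 127.0.0.1 port 8021

# Corrected setting: exempt the scanner first. Translation rules are
# first-match, so the "no rdr" has to come before the general rdr.
no  rdr on $int_if proto tcp from <noproxy> to any port 21
rdr pass on $int_if proto tcp from $lan      to any port 21 -> 127.0.0.1 port 8021

anchor "ftp-proxy/*"

# Filter rules: the scanner's now-unredirected port-21 probes still need to
# be allowed through, otherwise pf (not a missing host) is what blocks them.
pass in  on $int_if proto tcp from <noproxy>  to any port 21
pass out on $ext_if proto tcp from ($ext_if)  to any port 21
```

Because the exemption is a table, it can be toggled at scan time without touching the ruleset: `pfctl -t noproxy -T add 192.168.1.50` before the scan and `pfctl -t noproxy -T delete 192.168.1.50` afterwards; `pfctl -s nat` shows the translation rules in their match order so you can confirm the `no rdr` sits before the `rdr`. After reloading, a quick `nmap -p 21 <dead-ip>` from the scanner should report the port as filtered or closed rather than open. The caveat from the answer still applies: with the proxy out of the way the scanner only sees a genuinely open port 21 on a remote host if the filter rules let that connection through, so the pass rules above are part of the fix, not decoration.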